OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

cti-stix message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]


Subject: RE: [cti-stix] Observation Rename


+1 for ObservedData

 

From: Allan Thomson [mailto:athomson@lookingglasscyber.com]
Sent: Wednesday, July 06, 2016 12:52 PM
To: Jordan, Bret <bret.jordan@bluecoat.com>
Cc: Piazza, Rich <rpiazza@mitre.org>; Kirillov, Ivan A. <ikirillov@mitre.org>; Trey Darley <trey@kingfisherops.com>; cti-stix@lists.oasis-open.org
Subject: Re: [cti-stix] Observation Rename

 

I like Observed Data too.

 

Just had issue with the word ‘fact’,

 

allan

 

From: "Jordan, Bret" <bret.jordan@bluecoat.com>
Date: Wednesday, July 6, 2016 at 9:36 AM
To: Allan Thomson <athomson@lookingglasscyber.com>
Cc: "Piazza, Rich" <rpiazza@mitre.org>, "Kirillov, Ivan" <ikirillov@mitre.org>, Trey Darley <trey@kingfisherops.com>, "cti-stix@lists.oasis-open.org" <cti-stix@lists.oasis-open.org>
Subject: Re: [cti-stix] Observation Rename

 

Lets plan to discuss this and decide on the call today...  I think the two options right now from the email discussion are:

 

Observed Data

CybOX Data 

 

Personally, I prefer Observed Data as it makes it technology agnostic.  We will always use CybOX for Cyber.  However, long term we may choose to fold in a parallel technology to work along side CybOX. Having the term be agnostic, makes that a lot easier.   

 

Can we get an informal vote via email?  

Thanks,

 

Bret

 

 

 

Bret Jordan CISSP

Director of Security Architecture and Standards | Office of the CTO

Blue Coat Systems

PGP Fingerprint: 63B4 FC53 680A 6B7D 1447  F2C0 74F8 ACAE 7415 0050

"Without cryptography vihv vivc ce xhrnrw, however, the only thing that can not be unscrambled is an egg." 

 

On Jul 6, 2016, at 09:35, Allan Thomson <athomson@lookingglasscyber.com> wrote:

 

I would prefer “CyBox Data”.

The word “Fact” makes me nervous as it is a level of assessment that does not exist in the data that is provided.

Just because you captured data does not make that data accurate. One would have to determine how the data was captured, and measured to be translated into a Cybox/STIX object before you could say its ‘truth’.

allan

On 7/6/16, 7:38 AM, "cti-stix@lists.oasis-open.org on behalf of Piazza, Rich" <cti-stix@lists.oasis-open.org on behalf of rpiazza@mitre.org> wrote:

Sounds like "Facts about CybOX"

-1

-----Original Message-----
From: cti-stix@lists.oasis-open.org [mailto:cti-stix@lists.oasis-open.org] On Behalf Of Kirillov, Ivan A.
Sent: Wednesday, July 06, 2016 10:30 AM
To: Trey Darley <trey@kingfisherops.com>; Jordan, Bret <bret.jordan@bluecoat.com>
Cc: cti-stix@lists.oasis-open.org
Subject: Re: [cti-stix] Observation Rename

+1 for CybOX Facts – I think it’s very clear and to the point. Also, it permits for the _expression_ of cyber data that may be factual but not observed, such as future DGA-generated domains.

Regards,
Ivan

On 7/6/16, 8:05 AM, "Trey Darley" <cti-stix@lists.oasis-open.org on behalf of trey@kingfisherops.com> wrote:

On 05.07.2016 17:41:12, Jordan, Bret wrote:


One option we talked about was just renaming one or both of the
objects.... What if we renamed "Observation" to "Observation Data"
or something similar? Would it then be more clear that this object
just contains data or facts?

Other options, since this object can only support CybOX is we call
it "CybOX Data". The term "Cyber Data" was shot down on the call.


Occam's Razor: let's change Observation to CybOX Facts. Simple,
obvious, straight to the point.

--
Cheers,
Trey
++--------------------------------------------------------------------------++
Kingfisher Operations, sprl
gpg fingerprint: 85F3 5F54 4A2A B4CD 33C4  5B9B B30D DD6E 62C8 6C1D
++--------------------------------------------------------------------------++
--
"It is always possible to add another level of indirection." --RFC 1925

 

 



[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]